Permission Levels
      Back to home
      1. Knowledge Base Help Center
      2. Permission Levels

      Changes to Service Account Permissions

      Understand how and why the default service account permissions changed in December 2023

      Purpose

      To better represent the average customer's needs, empower role-based access, and encourage adoption of more appropriate app usage by emphasizing the importance of the guest sign-in PIN feature from the service account.

      Background

      A service account is a special account created for every business in OneClickApp. It has a special permission set that allows it to stay signed-in on public devices in the business rather than having leaders sign-in and sign-out on a day-to-day basis.

      Until December 2023, the Service Account by default was given permissions approximately equal to a team leader that allowed it to be used to run shifts. This was done as a convenience to allow leaders to pick up an iPad and immediately begin making adjustments for the team.

      Things have changed since we first started with these defaults. We have added new features like layout revision history, minor status indicators, and sign-in PIN's. Additionally, we've noticed that more and more restaurants prefer to have a read-only service account so that team members cannot make adjustments to the setups on their own (inside the restaurant on the public devices). Because of all these changes and trends, it's ripe time for a change in the defaults.

      OneClickApp already has a powerful permission system built-in the the app. Each of the actions in the app have limited access based on the role of the signed-in employee, and these settings are configurable on a case-by-case basis. It's easy to switch between different roles in the restaurant, and the current configuration of the service account has been inhibiting customers from realizing the full value of OneClickApp. The changes will help both existing customers leverage the power of OneClickApp better and new customers adopt healthy patterns of access early on while adopting the system.

      In this article we are carefully using the term "default service account" instead of simply "service account" because some of these settings have already been changed on an individual restaurant level. Read more about this in the Custom Modifications section below.

      What's Changing?

      In December 2023, the default settings for the Service Account will change. The default configuration of the service account will lose access to most of it's privileges so that it basically has the same access as a team member.

      New Default Permission Set

      The following table displays the new set of default rules. Notice that the service account column is highlighted in orange. Green checkmarks indicate a given role has access, and empty spaces indicate no access. The yellow "X"s represent the permissions that are being removed with this change.

      Learn more about this table.

      Updated Permission Table:

      Old/Archived Permission Table:

      service_account_changes_2023

      Changes

      The default service account will lose the following permissions:

      • Edit shift assignments
      • Edit daily notes and view imported notes
      • Cycle rotating buddies
      • View layout revision history
      • Manage breaks
      • View minor status
      • View ratings
      • Add/edit custom shifts**

      TIP: Access these features by using your sign-in PIN to temporarily sign-in as yourself.

      The default service account will not gain any new permissions.

      The default service account will continue with the following permissions:

      • View daily notes
      • View shift assignments
      • View checklists
      • Complete checklist items*
      • Use Guest Sign-In*

      * Continues to distinguish the default service account from the default team member account

      ** This was also changed for the team leader permission as well.

      Special Notes

      * There are two settings that continue distinguishing the service account from a team member: complete checklist items, and use Guest Sign-In.

      The latter is the literal definition of the service account— it needs to be able to use the Guest Sign-In in order for individuals to gain the proper access level conveniently. However, individuals should not have access to this because this extends the risk of a team member improperly using a leader's privileged PIN without authorization outside of the restaurant and in the privacy of their own home. This risk is mitigated by only providing this option on devices that are physically inside the business.

      The former is an intentional decision to best support the average customer. We recognize that businesses frequently hand-off the the iPad to a team member to complete regular cleaning tasks. While this may be enhanced by requiring the team member to sign-in so that the completion properly logs the individual who completed the task, this is an unnecessary burden to impose on every user by default. This workflow can be requested through support.

       

      ** Access to Custom Shifts was removed from team leaders in addition to the changes in the service account. In the process of reviewing each of the permissions in detail, we discovered this this change would be most appropriate. Calling in new team members and adjusting the duration of someone's time on the clock is something that should be handled by one with more authority than a team leader— that's the shift leader.

      What's Not Changing?

      Other Roles

      The rest of the leadership roles, including all of the roles associated with actual employee accounts are unchanged** (see "Special Notes" above for more information). This means that if you have been logging in with your personal account, you won't experience any change at all.

      Custom Modifications

      TIP: Contact support by visiting OneClickApp.com/support

      OneClickApp is highly customizable. Learn more about the Configurable Permission Settings.

      Custom modifications already applied to your account will remain in force, and new requests will override these defaults. These are applied based on rows in the table above. If our support team has changed any of the rows in the table above, then that changed row will remain in effect while the other rows do change.

      Often times, you may not be aware of the changes we've made to your account. Interpreting your requests into the necessary changes in the system is part of the service we provide. We love providing that service and will continue offering it through our support team. If you would like to understand how your rules are configured right now, or request changes to them, reach out to support.

      What Do I Do Now?

      Start using the Sign-In PINS! If you haven't already, assign PINs to the leaders in your restaurant (or ask them to assign one to themselves). They can then use this PIN on the service account to access all of their privileged settings without having to use an email & password to login. Learn more about this here: Signing-In with PINs.

      Appreciate knowing who changed the layouts. With these changes, the layout revision history will be more accurate so that you know who makes those surprise adjustments.

      Rest assured knowing that employee privacy is protected. Before these changes, the service account had limited access to see summaries of some private information. These have been wholly removed now, and no information will leak out through unsuspecting channels.